Using https://IPA/ipa/migration, users can migrate their password to their 
principals successfully, a subsequent login to /ui gives them interface to 
change attrs
to their account.

But if their LDAP password is shorter than the default policy of 8 letter (IPA 
the password but set it as expired,) they have no chance to reset it to meet 
the policy
through the UI. I had to help them login in with a ssh session to a IPA client 
to do this, although the majority of my users do not need the ability to have 
ssh sessions.

Is there a possibility to enable users to change or reset expired password in 
the UI?


Qing Chang

Freeipa-users mailing list

Reply via email to